Size: 1227
Comment:
|
Size: 1632
Comment:
|
Deletions are marked like this. | Additions are marked like this. |
Line 13: | Line 13: |
}}} 3. To get 'chsh' and 'chfn' to work for updating LDAP, edit /etc/ldap/slapd.conf to allow access for users to update their loginShell and gecos entries by adding: {{{ access to attribute=loginShell by dn="cn=admin,dc=FOO,dc=BAR" write by self write by * read }}} {{{ access to attribute=gecos by dn="cn=admin,dc=FOO,dc=BAR" write by self write by * read |
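Review bot: the added step says only "by adding" and does not say where in /etc/ldap/slapd.conf the two access rules go. slapd applies the first access directive that matches, so if the rules are appended after an existing broader rule such as `access to *` they never take effect and chsh/chfn still fail. The text should say to place them before any such rule. It should also say that slapd has to be restarted for the slapd.conf change to apply. Since both rules grant identical access, they could be shown in one {{{ }}} block so they are copied together.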
Configuring LDAP Authentication for Debian
OpenLDAPSetup
1. Install the ["OpenLDAP"] package [http://packages.debian.org/cgi-bin/search_packages.pl?searchon=names&keywords=slapd slapd]
Do 'apt-get install slapd', answering prompts as required and generally picking defaults except where they are obviously examples.
2. Edit the LDAP configuration file
To make using LDAP utilities like 'ldapsearch' a little less painful, edit /etc/ldap/ldap.conf (installed by the 'libldap2' package on the stable (a.k.a. 'woody') distribution) to set:
{{{
BASE dc=<yourhost>,dc=<your>,dc=<domain>
URI ldap://localhost
}}}
3. To get 'chsh' and 'chfn' to work for updating LDAP, edit /etc/ldap/slapd.conf to allow access for users to update their loginShell and gecos entries by adding:
{{{
access to attribute=loginShell
        by dn="cn=admin,dc=FOO,dc=BAR" write
        by self write
        by * read
}}}
{{{
access to attribute=gecos
        by dn="cn=admin,dc=FOO,dc=BAR" write
        by self write
        by * read
}}}
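slapd evaluates access directives in file order and stops at the first one that matches, so where these two rules sit relative to a broader rule decides whether 'chsh' and 'chfn' can write. The following check is an added example, not part of the original page: the catch-all rule is a constructed sample, the function names are hypothetical, and rules scoped by dn= or filter= are assumed absent.

```python
import re

# The page's rule text as a template, plus a constructed catch-all rule
# (the catch-all is sample input, not taken from the page).
RULE = '''\
access to attribute={}
        by dn="cn=admin,dc=FOO,dc=BAR" write
        by self write
        by * read
'''
PAGE_RULES = RULE.format("loginShell") + RULE.format("gecos")
CATCH_ALL = '''\
access to *
        by dn="cn=admin,dc=FOO,dc=BAR" write
        by * read
'''

def acl_rules(conf_text):
    """Return 'access to' directives in file order as (what, [(who, level), ...])."""
    directives = []
    for line in conf_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and directives:
            directives[-1] += " " + line.strip()  # indented line continues the directive
        else:
            directives.append(line.strip())
    rules = []
    for d in directives:
        head, *by = re.split(r"\s+by\s+", d)
        m = re.match(r"access\s+to\s+(.+)", head, re.I)
        if m:
            rules.append((m.group(1).strip(), [tuple((c.split() + ["", ""])[:2]) for c in by]))
    return rules

def covers(what, attr):
    """True if the <what> part is '*' or names attr in its attribute list."""
    m = re.search(r"\b(?:attribute|attrs?)=(\S+)", what, re.I)
    return what == "*" or bool(m and attr.lower() in m.group(1).lower().split(","))

def self_can_write(conf_text, attr):
    """First-match evaluation for an authenticated user editing their own entry."""
    for what, clauses in acl_rules(conf_text):
        if covers(what, attr):  # first matching rule decides; later rules are ignored
            levels = [lvl for who, lvl in clauses if who.lower() in ("self", "users", "*")]
            return bool(levels) and levels[0].lower() == "write"
    return False  # no rule covers the attribute

if __name__ == "__main__":
    for name, conf in (("page rules first", PAGE_RULES + CATCH_ALL), ("catch-all first", CATCH_ALL + PAGE_RULES)):
        print(name, {a: self_can_write(conf, a) for a in ("loginShell", "gecos")})
```

With the page's rules placed first, both attributes are self-writable; with the catch-all first, neither is.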
4. Tune your LDAP server performance
To improve LDAP performance, edit /etc/ldap/slapd.conf to set more indexes than the stable (a.k.a. 'woody') default of just objectClass (taken from the Mandrake documentation):
{{{
index objectClass,uid,uidNumber,gidNumber eq
index cn,mail,surname,givenName eq,subinitial
}}}
5. Update the LDAP indexes
Make sure the indexes are updated by doing (as root):
{{{
# /etc/init.d/slapd stop
# slapindex
# /etc/init.d/slapd start
}}}
- ["LDAPAuthentication"]